Application No. 10/577,857 
Attorney Docket No. 90500D-000083/US 

LISTING OF THE CLAIMS 

The following is a complete and current listing of the claims with status 
identifiers in parentheses. The following listing of claims will replace all prior 
versions and listings of claims in the application. 

Listing Of Claims 

1 . (Previously Presented) An authentication method of at least one 
application working in an equipment connected by a network to a control server, 
said equipment being locally connected to a security module, said application being 
at least one of loadable and executable via an application execution environment of 
the equipment and said application being adapted to use resources stored in the 
security module, the method comprising: 

receiving by the control server, via the network, identification data including 
at least an identifier of the equipment and an identifier of the security module, 

analyzing and verifying, by the control server, said identification data, 

generating, by the control server, a cryptogram, the cryptogram including a 
digest of the application, the identification data, instructions intended for the 
security module and at least one of an identifier of the application and an identifier 
of security module resources, 

transmitting the application and the cryptogram by the control server, via 
the network and the equipment, to the security module, and 

verifying, by the security module, the application by comparing the digest 
extracted from the received cryptogram with a digest determined by the security 
module, 

wherein, during at least one of initialization and activation of the 
application, the security module executes the instructions extracted from the 
cryptogram and, according to a result of the verification of the application, 
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performs at least one of releasing and blocking access of certain resources of said 

security module to the application. 

2. (Previously Presented) The method according to claim 1, wherein the 
equipment is a mobile equipment of mobile telephony. 

3. (Previously Presented) The method according to claim 1, wherein the 
network is a mobile network of at least one of a GSM, GPRS, and UMTS. 

4. (Previously Presented) The method according to claim 2, wherein the 
security module is a subscriber identification module that is inserted into the 
mobile equipment of mobile telephony. 

5. (Previously Presented) The method according to claim 4, wherein the 
identification data of at least one of the mobile equipment and subscriber 
identification module includes an identifier of the mobile equipment and an 
identifier of the subscriber identification module pertaining to a subscriber of the 
network. 

6. (Previously Presented) The method according to claim 1, wherein the 
instructions included in the cryptogram received by the security module condition 
the use of the application according to criteria established previously by at least 
one of the operator, the application supplier and the user of the equipment. 

7. (Previously Presented) The method according to claim 6, wherein the 
criteria define limits of use of the application according to risks associated with at 
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least one of the software of the application and the hardware of the equipment that 

the operator desires to take into account. 

8. (Previously Presented) The method according to claim 1, wherein the 
verification of the application with the cryptogram is carried out at the time of at 
least one of the first initialization and the first use of the application. 

9. (Previously Presented) The method according to claim 1, wherein the 
verification of the application with the cryptogram is periodically carried out at a 
given rate according to instructions originating from the control server. 

10. (Previously Presented) The method according to claim 1, wherein the 
verification of the application with the cryptogram is carried out at the time of each 
initialization of said application on the equipment. 

1 1 . (Previously Presented) The method according to claim 1 , wherein the 
cryptogram is generated with the aid of an asymmetrical or symmetrical encryption 
key from a data set including the identifier of the equipment, the identifier of the 
security module, an identifier of the application, the digest of the application 
calculated with an unidirectional hash function, identifiers of the resources of the 
security module and instructions for blocking or releasing resources of the security 
module. 

12. (Previously Presented) The method according to claim 11, wherein the 
cryptogram includes a variable that is predictable by the security module thereby 
avoiding the double use of a same cryptogram, the value of said variable controlled 
by the security module by comparing the value of the variable with a reference 
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value, the reference value being stored in the security module and regularly 

updated. 

13. (Previously Presented) The method according to claim 1, wherein the 
security module transmits to the control server, via the equipment and the 
network, a confirmation message when the security module has accepted or 
refused a cryptogram of an application. 

14. (Previously Presented) The method according to the claim 1, wherein the 
cryptogram is transmitted to the security module at the same time as the 
application is loaded into the equipment via the application execution environment. 

15. (Previously Presented) The method according to claim 1, wherein the 
application, once loaded into the equipment from the control server via the 
network, requests a cryptogram from the server at the time of its initialization and 
transmits said cryptogram to the security module, the confirmation message of 
acceptance or refusal of the cryptogram being transmitted by the security module 
to the server via the application. 

16. (Previously Presented) The method according to claim 1, wherein the 
equipment is at least one of a Pay-TV decoder and a computer to which the security 
module is connected. 

17. (Previously Presented) A security module comprising resources intended 
to be accessed locally by at least one application installed in an equipment 
connected to a network, 
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said equipment including means for reading and transmitting data, the 

transmitted data including at least one of an identifier of the equipment and an 

identifier of the security module, said security module further including means for 

reception, storage and analysis of a cryptogram and of the at least one application 

received with the cryptogram, 

wherein the cryptogram includes a digest of said application, at least 

one of the identifier of the equipment and the identifier of the security module, 

instructions for the security module, means for verifying said at least one 

application, means for identification of security module resources and means for 

extraction and execution of the instructions contained in the cryptogram, 

the means for extraction and execution performing at least one 

of releasing and blocking certain resources of the security module to the at least 

one application according to a result of the verification of the at least one 

application. 

18. (Previously Presented) The security module according to claim 17, 
wherein the security module is a subscriber identification module that is connected 
to a mobile equipment. 

19. (Previously Presented) The method according to claim 2, wherein the 
security module is a subscriber identification module that is inserted into the 
mobile equipment of mobile telephony. 

20. (Cancelled) 

*** END CLAIM LISTING *** 
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